Security News > 2021 > April

The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide has been leaked on a popular hacker forum for free. The sold data included 533,313,128 Facebook users, with information such as a member's mobile number, Facebook ID, name, gender, location, relationship status, occupation, and email addresses.

Rust developers have repeatedly raised concerned about an unaddressed privacy issue over the last few years. Rust has rapidly gained momentum among developers, for its focus on performance, safety, safe concurrency, and for having a similar syntax to C++. StackOverflow's 2020 developer survey ranked Rust first among the "Most loved programming languages."

Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore, and the University of California was leaked online by the Clop ransomware group. Data stolen in the attack targeting Stanford Medicine's Accellion server includes names, addresses, email addresses, Social Security numbers, and financial information, reported the Stanford Daily.

Microsoft has revealed that Thursday's worldwide outage was caused by a code defect that allowed the Azure DNS service to become overwhelmed and not respond to DNS queries. Last night, Microsoft published a root cause analysis for this week's outage and explained that it was caused by their Azure DNS service becoming overloaded.

A bipartisan group of US senators on Friday sent letters to major digital ad exchanges, including Google and Twitter, asking whether user data was sold to foreign entities who could use it for blackmail or other malicious ends. In the real-time bidding process to decide which personalized ads a user sees when a web page loads, hundreds of businesses receive a user's personal information, including search history, IP address, age and gender.

GitHub Actions is currently being abused by attackers to mine cryptocurrency on GitHub's servers in an automated attack. This week, according to a Dutch security engineer Justin Perdok, attackers have targeted GitHub repositories that use GitHub Actions to mine cryptocurrency.

GitHub Actions is currently being abused by attackers to mine cryptocurrency on GitHub's servers in an automated attack. This week, according to a Dutch security engineer Justin Perdok, attackers have targeted GitHub repositories that use GitHub Actions to mine cryptocurrency.

One solution to the dilemma of using different security defenses is to look for one company that provides everything to replace existing security defenses. To exemplify the idea of centralized cybersecurity Cyrebro has designed a security solution that unifies all of the security tools of an organization to make it easier to track security events, proactively deal with cyber threat intelligence, and ensure a rapid incident response.

Apps on Android have been able to infer the presence of specific apps, or even collect the full list of installed apps on the device. A study undertaken by a group of Swiss researchers in 2019 found that "Free apps are more likely to query for such information and that third-party libraries are the main requesters of the list of installed apps."

Some QNAP network attached storage devices are vulnerable to attack because of two critical vulnerabilities, one that enables unauthenticated remote code execution and another that provides the ability to write to arbitrary files. On Thursday QNAP released TS-231 firmware version 4.3.6.1620, which addresses a command injection vulnerability and a vulnerability in Apache HTTP server.